This privacy notice describes what personal information is collected, and how it is used, and how it is shared, in the process of producing and operating Branch. It applies to users of this website, and partners helping produce the Branch publication.
The data controller ultimately responsible for the production of Branch (i.e. the we in this document) is Greening Digital Gbr Adams und Meyerhoff, a business partnership registered in Germany.
We regulated by the Berliner Beauftragte für Datenschutz und Informationsfreiheit / Berlin Office of Data Protection and Freedom of Information.
This notice was last updated on October 27th 2020.
How we collect personal information
We get personal information either directly, indirectly or automatically, in the course of creating and publishing Branch.
Most of the information we process is provided by you directly, for one of the reasons below:
- You signed up to receive news from us
- You contacted us, make an enquiry
- We have met online or in person
- You have contacted us to contribute to the publication
- You are working with us as a partner, contractor, or associate
- You, or your organisation is a supplier
- We are providing a service or product to your organisation
We may also receive information about you indirectly, in the following scenarios:
- You were included in conversations with us, or someone recommended you to us.
- You have an existing relationship with the team working on Branch.
- You are working with one of our clients or suppliers.
Finally, some information is collected automatically:
- If you are a reader or viewer of Branch, we do not use any cookies at all.
- You are accessing the Branch website, and we are using information related to your connection, to serve content to you quickly over a content delivery network.
- You are accessing the Branch website, and we are using information based on your IP address to serve accurate data about carbon intensity on the grid.
What we use your data for
We use your personal information to publish work and provide services, improve how we work. We may use this information to:
- Send you news and updates
- Inform you of changes to the services we provide
- To do business with you
- To manage your work if you are contracted by us
- To share documents with you securely
- Maintain legally required records, like for tax and accounting purposes
Our lawful basis for processing your data
Under the GDPR, if we are to process your personal data, we need a lawful basis for doing so. The lawful bases we rely on for processing your data are below:
Consent: You are not a client, supplier or otherwise in a contract with us, but you want to receive news and updates from us. We provide a way to unsubscribe from any update in every message we send. You can also unsubscribe by contacting email@example.com with the heading “unsubscribe”.
Contractual obligation: you have entered contracted with us to provide good or services, or vice versa. Alternatively, before we have entered a contract, you have asked us to do something.
Legitimate interests: you are a client or partner, and you’d reasonably expect us to get in touch beyond work we have contracted directly to do. You have a right to object to this, as outlined below.
What data we store
In the making and publishing of Branch, we use a number of third party services, who process data on our behalf – our data processors.
We use these services to work with clients, manage contributions to our publications, host the Branch website, and handle communications like email.
Each supplier we use has a policy that explains what data they process, how they process it, how long they keep it, and how they keep it safe.
Third party services
Below, we list the third party services, what we use them for, and link to their privacy policies.
Where data is stored
The Branch website server is hosted by Greennet in the UK.
Where organisations who process data on our behalf are are based outside the UK or European Economic Area (the EEA), or where data may be be transferred outside the EEA, we have put in place agreements to ensure that data is processed to the same standards of protection as European Law.
How long data is stored
We do not store data longer than necessary. We review our records every quarter to remove or anonymise data that should no longer be retained.
We use the following criteria to decide if data is necessary:
- Do we still carry out the activities for the purpose it was provided?
- Is this information still up to data and accurate?
- Are we required by law to keep this data, like for tax or employment purposes?
- Are there contractual obligations we need this data for, in order to be able to honor them?
How we keep data safe
We take care to choose services and tools that make it possible to follow good security practices, like strong passwords, 2 factor authentication, and secure connections using known protocols like TLS, and SSH.
We have reviewed the privacy policies and security practices of every service and tool we use. We have written agreements that require them to protect the personal data they process.
We limit administrative access to key individuals, and only for as long as necessary.
The GDPR grants the following rights to EU citizens. We’ve linked to more details, but below are examples of how you might use it.
The right to be informed – you have the right find out how data is collected and processed.
The right of access – you have the right to see any data collected, and how it is being processed
The right to rectification – you have the right to have any inaccurate data we are storing corrected.
The right to erasure – if we are not required to retain data by law, you have the right to request its deletion
The right to restrict processing – you have the right to request data is no longer processed – including stopping it being deleted. You might use this in a legal claim, to safeguard data for use as supporting evidence.
The right to data portability – you can request data you have provided to us. We will provide securely in a structured, machine readable format.
Right to object – you have the right to object to certain types of processing of data. If we can’t provide a compelling reason for continuing to do so, we will stop. You might use this as a partner or former contributor, to stop us contacting you with news that might otherwise be relevant.
Rights related to automated decision making, including profiling – we don’t do any of this.
Exercising your rights
To exercise any of these rights, please contact us at firstname.lastname@example.org.
Our postal address is:
3rd Floor, Origin Berlin
Mittelweg 50, 12053 Berlin.
We have a calendar month to get back to you, once we have heard from you.
To prevent fraud, and keep your data safe, we may ask you to verify your identity securely before we continue with your request.
If you aren’t satisfied with our response, we are regulated by Berliner Beauftragte für Datenschutz und Informationsfreiheit / Berlin Office of Data Protection and Information of Freedom.